METHOD AND SYSTEM FOR PROVIDING BUSINESS PARTNERS WITH
ACCESS TO A COMPANY'S INTERNAL COMPUTER RESOURCES

TECHNICAL FIELD 

The present invention relates generally to computer systems, and
more particularly to providing third parties access to a company's internal
computer resources.

BACKGROUND OF THE INVENTION 

In today's global business environment, a company may have
numerous business partners with which information must be exchanged to
facilitate business transactions. For example, where the company is a supplier of
a product, business partners that purchase the product may need access to the
company's internal computer resources, such as inventory databases and product
pricing, when ordering the product. For example, a business partner may want to
place an order for a predetermined quantity of the product, and before placing
such an order may desire to check the company's inventory of the product.
Moreover, a business partner may be provided access to other internal computer
resources, such as internal Web sites and custom software packages, which may
contain a variety of useful information on the product and assist the business
partner, for example, in integrating the product into the partner's system.

Typically, to provide business partners with access to a company's
internal computer resources, a custom communications network, such as an
electronic data interchange (EDI) network, is established between the company
and the business partners. Figure 1 is a functional block diagram illustrating a
conventional EDI network 100 including a value added network 102 that
provides a plurality of business partners 104-108 with access to internal
computer resources 110 of a company 112, as will now be explained in more detail.
The value added network 102 is a communications network that communicates
with each of the business partners 104-108 and the company 112 via respective
communications links. Each communications link may provide authentication
and encryption to ensure secure communication between the value added
network 102 and the respective business partners 104-108 and company 112.

In operation, the value added network 102 receives messages from
the business partners 104-108 and the company 112 and forwards each message
to the appropriate recipient. For example, if the business partner 104 desires to
access a particular internal computer resource 110 in the company 112, the
business partner sends a corresponding request to the value added network 102
which, in turn, forwards the request to the company 112. In response to the
request from the value added network 102, the internal computer resources 110
process the request and return to the value added network 102 a message
containing a response to the request. The value added network 102 then forwards
the message to the business partner 104 as the response to the business partner's
initial request. As will be appreciated by those skilled in the art, the value added
network 102 enables the company 112 to communicate with many business
partners 104-108 without requiring a separate communications link with each
business partner.

In the EDI network 100, the messages communicated between the
business partners 104-108 and the company 112 via the value added network
have a predetermined message format agreed upon by the business partners and
the company. Each business partner 104-108 that is to be provided with access
to the internal computer resources 110 must agree upon the same predetermined
message format. For example, assume the business partners 104-108 are
distributors of the company 112, and that each such distributor is provided with
the same access to the internal computer resources 110. In this example, all of
the distributors must agree upon the same message format and configure their
respective internal computer systems (not shown) to communicate with the value
added network 102 according to this message format. Any new distributors that
the company 112 later enters into contracts with must also utilize the same
message format in order to become a member of the distributor network and have
access to the internal computer resources 110. The company 112 may also have
other groups of business partners 104-108, such as suppliers, which require
different types of access to the internal computer resources 110. For each such
group of business partners 104-108, corresponding predetermined message
formats must be agreed upon by the company 112 and the business partners.

While the EDI network 100 securely provides each business
partner 104-108 with the desired access to the internal computer resources 110 of
the company 112, the costs of establishing such a network can be quite high.
This is true because the EDI network 100 is a custom network that is being
created between the company 112 and the business partners 104-108, with the
company and each business partner agreeing upon the detailed specifications of
the network including the type of data to be exchanged, message formats and
protocols, and so on.

There is a need for providing a third party such as a business
partner with access to a company's internal computer resources without
jeopardizing the security of the internal resources and without forming a special
network, such as an EDI network, between the company and the business
partners.

SUMMARY OF THE INVENTION 

A method and system provide users with access to a company's
internal computer resources without the need for a custom communications
network, while not jeopardizing the security of the internal computer resources.
According to one aspect of the present invention, a method provides a user
access to computer resources on a target computer system. The method includes,
under control of a client computer system, initiating a user request to access a
desired computer resource in the target computer system. Under control of an
interface component on a server computer system, receiving the user request and
initiating a remote invocation of a user component object on the target computer
system in response to the user request. The remote invocation is received on the
target computer system and, in response to the remote invocation, the user
component object is invoked to access the desired computer resource and obtain
user information from the accessed computer resource. The user component
object returns the user information to the interface component on the server
computer system which, in turn, sends the user information to the client computer
system.

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 is a functional block diagram illustrating a conventional
electronic data interchange (EDI) network for providing a number of business
partners with access to a company's internal computer resources.

Figure 2 is a functional block diagram illustrating a computer 
system for providing business partners with access to a company's internal 
computer resources according to one embodiment of the present invention. 

DETAILED DESCRIPTION OF THE INVENTION 

Figure 2 is a functional block diagram illustrating a computer
system 200 for providing a business partner computer system 202 with access to
internal computer resources 204 on a company's internal computer system 205
without the need for establishing an EDI or other custom network, as will now be
explained in more detail. In Figure 2, the arrows 1-10 indicate the flow of
communication between components within the computer system 200, and will
be discussed in more detail below when discussing the overall operation of the
computer system. In the following description, certain details are set forth to
provide a sufficient understanding of the invention. However, it will be clear to
one skilled in the art that the invention may be practiced without these particular
details. In other instances, well-known components, timing protocols, software
operations, and similar details have not been described in depth in order to avoid
unnecessarily obscuring the invention.

In the computer system 200, the business partner computer system
202 includes a Web browser 206 or other suitable program for communicating
with a company Web server 208 via the World Wide Web, Internet, or other
suitable communication network. The Web server 208 corresponds to the
company's Web server that provides not only business partners but all Web users
with access to various information about the company that is posted on the Web
server. The Web server 208 includes an active server page ("ASP") 210 that
receives requests from the browser 206, processes the received requests to
generate a corresponding Web page, and returns the generated Web page to the
browser. The ASP 210 dynamically creates a Web page corresponding to the
received request from the browser 206, as will be appreciated by those skilled in
the art. The communication between the browser 206 and the ASP 210 may be
done using a secure protocol, such as the Secure Sockets Layer, to provide for the
secure communication of data between the business partner computer system 202
and the Web server 208. For example, the ASP 210 may store a password on the
Web server 208 to provide authentication of the browser 206, and a private key
can be utilized to encrypt and decrypt data transferred between the browser and
the ASP. The ASP 210, along with all components on the Web server 208, may
run under an environment such as Microsoft Transaction Server or other suitable
server platform.

The Web server 208 further includes a partner component wrapper
212 that is initiated by the ASP 210 as part of the process of generating the Web
page to be returned to the browser 206. The partner component wrapper 212
translates data from a first format that is utilized by the ASP 210 to a second
format that is utilized by other components in the system 200, and also performs
the reverse translation. For example, the partner component wrapper 212 may
translate HTML data received from the ASP 210, which corresponds to the data
format of a conventional Web page, to a second data format such as a database
query language format. The partner component wrapper 212 also performs the
reverse translation, translating data in the second data format to HTML data
when the second data format is received by the partner component wrapper.

Once the partner component wrapper 212 has performed the
required data translation, the wrapper calls a partner component stub 214 that is
stored on the Web server 208. The partner component stub 214 corresponds to a
portion of a partner component object 216 stored on an application server 218
that is part of the company's internal computer system 205. To the partner
component wrapper 212 making the call, the stub 214 looks like the partner
component object 216 stored on application server 218. The partner component
stub 214 includes all required information for remotely invoking the partner
component object 216, as will be appreciated by those skilled in the art.

In response to the call from the partner component wrapper 212,
the partner component stub 214 remotely invokes the partner component object
216 through the distributed component object model ("DCOM") architecture, as
will be understood by those skilled in the art. The DCOM architecture allows
component objects on different computers to be utilized, where a component
object is an object that executes predetermined functions in response to
commands or calls supplied to the object. Each component object has a
predetermined interface that defines the calls that may be applied to the object
and the data returned in response to such calls. The DCOM architecture allows
application programs to utilize previously developed component objects to
perform desired functions, and thereby greatly reduces the programming time to
develop such application programs. The DCOM architecture also provides
secure communication between the partner component stub 214 and the partner
component object 216 by, for example, authenticating a user name associated
with the partner component stub 214 making the call, and thereafter determining
whether the user name has access to the requested partner component object 216.
The DCOM architecture is well understood by those skilled in the art, and thus,
for the sake of brevity, will not be described in more detail. Although the
computer system 200 uses the DCOM architecture in the embodiment of Figure
2, other suitable architectures such as the Distributed System Object Model
(DSOM) may also be used.

As illustrated in Figure 2, a firewall 220 is interposed between the
application server 218 and the Web server 208, and the communications between
the partner component stub 214 and the partner component object 216 via the
DCOM architecture are through the firewall component. The firewall 220 is
functionally positioned between the internal computer system 205 and the Web
server 208 and monitors all messages entering or leaving the internal computer
system, allowing only those messages that meet specified security criteria to pass
to or from the internal computer system. As will be appreciated by those skilled
in the art, the primary function of the firewall 220 is to prevent unauthorized
external users from accessing the internal computer system 205.

The partner component object 216 accesses associated internal
computer resources 204 in response to the remote call from the partner
component stub 214, and thereafter returns data obtained from the accessed
computer resource to the stub via the DCOM architecture. The partner
component object 216 is written to provide the business partner with access to
specific internal computer resources 204 of the company, which may include an
internal database 222, various internal company Web sites 224, and internal
custom applications 226 that are typically accessible only to employees of the
company. The functionality of the partner component object 216 and thereby the
internal computer resources 204 to which a particular business partner is
provided access may depend upon the type and nature of the business partner.
For example, the partner component object 216 may provide a distributor of the
company's product with access to inventory information on the internal database
222, while the partner component may provide a joint technology partner of the
company with access to internal Web sites 224 and internal custom applications
226.

The overall operation of the computer system 200 will now be
described in more detail using the arrows 1-10 which, as previously mentioned,
illustrate the process flow between the components of the computer system. In
operation, the browser 206, operating under control of a user of the business
partner computer system 202, contacts the ASP 210 on the Web server 208 as
indicated by the arrow 1 and requests a Web page from the server. In response to
the received request, the ASP 210 initiates the partner component wrapper 212 as
indicated by the arrow 2, and the partner component wrapper 212 translates data
contained in the request from HTML data to another data format, such as a
database query language format. The partner component wrapper 212 thereafter
calls the partner component stub 214 as indicated by the arrow 3, and the stub
remotely invokes the partner component object 216 as indicated by the arrow 4
through the DCOM architecture, which is illustrated by the arrow 5. As
previously mentioned, the DCOM architecture communicates between the
partner component object 216 and the stub 214 through the firewall 220. In
response to the call from the stub 214, the partner component object 216 accesses
the requested internal computing resource 204 and thereafter returns data
obtained from the accessed computer resource via the DCOM architecture (arrow
6) to the partner component stub (arrow 7). The partner component stub 214
provides the data received from the partner component object 216 to the partner
component wrapper 212 (arrow 8) which, in turn, translates the data from its
current format to HTML data which is thereafter applied to the ASP 210 as
indicated by the arrow 9. The ASP 210 utilizes the data received from the
partner component wrapper 212 to generate a Web page corresponding to the
initial request received from the browser 206, and thereafter returns this Web
page to the browser as indicated by the arrow 10.

The computer system 200 allows the business partner 202 to access
internal computer resources 204 on the company's internal computer system 205
using a conventional Web browser 206 while not jeopardizing the security of the
internal computer system. No custom communications network, such as an EDI
network, is required with the computer system 200, and any number of business
partners 202 may be provided access to the internal computer resources 204
simply by configuring corresponding components on the Web server 208 and the
application server 218. The security of the internal computer system 205 is
protected at several levels in the computer system 200. First, communications
between the browser 206 and the ASP 210 on the Web server 208 may be
through a secure communications protocol. In addition, the DCOM architecture
also provides added security for communications between the partner component
stub 214 on the Web server 208 and the partner component object 216 on the
application server 218. Finally, the firewall 220 provides added security for
preventing unauthorized communications to and from the internal computer
system 205.
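
The request path and the checks at the stub-to-object boundary can be modelled in Python as follows. This is an added illustration, not code from the patent: plain method calls stand in for DCOM remote invocation, and the class names, the user name svc-distributor, the sample inventory rows and the 32-character input limit are all assumptions. The database query is built inside the component object with a bound parameter, so text supplied through the browser never becomes query syntax.

```python
import html
import sqlite3

def make_internal_db():
    """Constructed sample standing in for internal database 222."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inventory (sku TEXT PRIMARY KEY, qty INTEGER)")
    db.executemany("INSERT INTO inventory VALUES (?, ?)",
                   [("WIDGET-1", 40), ("WIDGET-2", 0)])
    return db

class DistributorComponent:
    """Models partner component object 216 as written for a distributor."""
    INTERFACE = frozenset({"check_inventory"})  # the only calls it accepts

    def __init__(self, db):
        self._db = db

    def check_inventory(self, sku):
        # Bound parameter: partner-supplied text is data, never query syntax.
        row = self._db.execute(
            "SELECT qty FROM inventory WHERE sku = ?", (sku,)).fetchone()
        return {"sku": sku, "qty": None if row is None else row[0]}

class ApplicationServer:
    """Models the remote-invocation endpoint on application server 218."""
    def __init__(self):
        self._objects = {}  # object name -> (component, allowed user names)

    def register(self, name, component, allowed_users):
        self._objects[name] = (component, frozenset(allowed_users))

    def remote_invoke(self, user_name, name, method, **args):
        component, allowed = self._objects.get(name, (None, frozenset()))
        if component is None or user_name not in allowed:
            raise PermissionError("caller may not use this component object")
        if method not in component.INTERFACE:
            raise PermissionError("call is not in the object's interface")
        return getattr(component, method)(**args)

class PartnerStub:
    """Models stub 214: looks local to the wrapper, forwards under one user name."""
    def __init__(self, server, user_name, object_name):
        self._server, self._user, self._name = server, user_name, object_name

    def call(self, method, **args):
        return self._server.remote_invoke(self._user, self._name, method, **args)

def wrapper_handle(stub, form):
    """Models wrapper 212: form fields -> typed call -> escaped HTML fragment."""
    sku = form.get("sku", "")
    if not (0 < len(sku) <= 32):
        return "<p>invalid request</p>"
    result = stub.call("check_inventory", sku=sku)
    qty = "unknown" if result["qty"] is None else str(result["qty"])
    return f"<p>{html.escape(result['sku'])}: {qty}</p>"

def build_demo():
    """Application server with one distributor object and one permitted user name."""
    server = ApplicationServer()
    server.register("distributor", DistributorComponent(make_internal_db()),
                    allowed_users={"svc-distributor"})
    return server
```

A stub configured with a user name that is not on the object's list, or a call outside the object's interface, is refused on the application-server side regardless of what the Web server sends.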

It is to be understood that even though various embodiments and
advantages of the present invention have been set forth in the foregoing
description, the above disclosure is illustrative only, and changes may be made in
detail, and yet remain within the broad principles of the invention. For example,
many of the components described above may be implemented using either
digital or analog circuitry, or a combination of both, and may be realized through
software executing on suitable processing circuitry. Therefore, the present
invention is to be limited only by the appended claims.



